This page will briefly outline our PII processes.
By default, Zenlogin does not store any PII. When you make a request to our API that includes any PII (e.g., email address, first name, etc.), this data is only used to fulfill the request. For example, if we believe the login is suspicious, we'll use the data sent through the API to send a login notification email to the recipient.
Immediately after, this data is deleted from memory. Additionally, we don't store any PII in our logs.
We understand that it may be important for you to associate email notifications sent with specific email addresses and users. We're able to support this; however, we enable it on a per-account basis. This is to ensure that appropriate GDPR and CCPA processes are followed.
Please contact support to request this feature for your account.
In the case that an API call results in an email being sent to one of your users, a copy of the data may be available through our partner, Postmark.
We use Postmark to fulfill the email notification, and for compliance reasons, a copy of those emails is stored with them. Emails are deleted after 45 days (unless otherwise requested by account administrators).